162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0
262306a36Sopenharmony_ci
362306a36Sopenharmony_ci#include <linux/limits.h>
462306a36Sopenharmony_ci#include <signal.h>
562306a36Sopenharmony_ci
662306a36Sopenharmony_ci#include "../kselftest.h"
762306a36Sopenharmony_ci#include "cgroup_util.h"
862306a36Sopenharmony_ci
/*
 * Body of a placeholder task: sleep in pause() until a signal is delivered.
 * Neither @cgroup nor @arg is used. Returns 0 if pause() ever returns.
 */
static int idle_process_fn(const char *cgroup, void *arg)
{
	(void)cgroup;
	(void)arg;

	/* The result of pause() carries no information we need. */
	(void)pause();

	return 0;
}
1462306a36Sopenharmony_ci
/*
 * Switch to TEST_UID and then try to move another task into @cgroup.
 *
 * @cgroup: destination cgroup of the migration.
 * @arg:    PID of the task to migrate, smuggled through the pointer value.
 *
 * Returns EXIT_SUCCESS when the privilege drop, the migration and the
 * follow-up process-count check all succeed, EXIT_FAILURE otherwise.
 *
 * NOTE(review): every failure maps to the same EXIT_FAILURE, so a caller
 * cannot tell a failed setuid() from a refused migration. Only the UID is
 * changed here; group IDs are left as inherited.
 */
static int do_migration_fn(const char *cgroup, void *arg)
{
	const int target_pid = (int)(size_t)arg;

	/* Give up the privileged UID before touching the cgroup files. */
	if (setuid(TEST_UID) != 0)
		return EXIT_FAILURE;

	// XXX checking /proc/$pid/cgroup would be quicker than wait
	if (cg_enter(cgroup, target_pid) != 0)
		return EXIT_FAILURE;

	if (cg_wait_for_proc_count(cgroup, 1) != 0)
		return EXIT_FAILURE;

	return EXIT_SUCCESS;
}
2962306a36Sopenharmony_ci
/*
 * Switch to TEST_UID, then enable and disable the cpuset controller in the
 * parent's cgroup.subtree_control, checking the child's cgroup.controllers
 * before and after each write.
 *
 * @cgroup: the child cgroup whose cgroup.controllers is inspected.
 * @arg:    path of the parent cgroup (const char *).
 *
 * cg_read_strstr() is treated here as returning 0 when the needle is found,
 * which is how its result is used throughout this function.
 *
 * Returns EXIT_SUCCESS only if every step behaves as expected.
 */
static int do_controller_fn(const char *cgroup, void *arg)
{
	static const char controllers[] = "cgroup.controllers";
	static const char subtree_control[] = "cgroup.subtree_control";
	const char *parent_cg = arg;
	const char *child_cg = cgroup;

	/* All cgroup file accesses below happen with the unprivileged UID. */
	if (setuid(TEST_UID) != 0)
		return EXIT_FAILURE;

	/* Start state: the child must not list cpuset yet. */
	if (cg_read_strstr(child_cg, controllers, "cpuset") == 0)
		return EXIT_FAILURE;

	/* Enabling in the parent must make cpuset show up in the child. */
	if (cg_write(parent_cg, subtree_control, "+cpuset") != 0)
		return EXIT_FAILURE;

	if (cg_read_strstr(child_cg, controllers, "cpuset") != 0)
		return EXIT_FAILURE;

	/* Disabling in the parent must make it disappear again. */
	if (cg_write(parent_cg, subtree_control, "-cpuset") != 0)
		return EXIT_FAILURE;

	if (cg_read_strstr(child_cg, controllers, "cpuset") == 0)
		return EXIT_FAILURE;

	return EXIT_SUCCESS;
}
5562306a36Sopenharmony_ci
/*
 * Migrate a process between two sibling cgroups.
 * The success should only depend on the parent cgroup permissions and not the
 * migrated process itself (cpuset controller is in place because it uses
 * security_task_setscheduler() in cgroup v1).
 *
 * Deliberately don't set cpuset.cpus in children to avoid defining migration
 * permissions between two different cpusets.
 */
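static int test_cpuset_perms_object(const char *root, bool allow)
{
	/*
	 * @root:  path of the cgroup hierarchy root the test cgroups go under.
	 * @allow: when true, the parent's cgroup.procs is also handed to
	 *         TEST_UID and the migration is expected to succeed; when
	 *         false it is expected to fail.
	 * Returns KSFT_PASS if the outcome matches @allow, KSFT_FAIL otherwise
	 * (including any setup failure).
	 */
	char *parent = NULL, *child_src = NULL, *child_dst = NULL;
	char *parent_procs = NULL, *child_src_procs = NULL, *child_dst_procs = NULL;
	const uid_t test_euid = TEST_UID;
	bool migrated;
	int object_pid = 0;
	int ret = KSFT_FAIL;

	parent = cg_name(root, "cpuset_test_0");
	if (!parent)
		goto cleanup;
	parent_procs = cg_name(parent, "cgroup.procs");
	if (!parent_procs)
		goto cleanup;
	if (cg_create(parent))
		goto cleanup;

	child_src = cg_name(parent, "cpuset_test_1");
	if (!child_src)
		goto cleanup;
	child_src_procs = cg_name(child_src, "cgroup.procs");
	if (!child_src_procs)
		goto cleanup;
	if (cg_create(child_src))
		goto cleanup;

	child_dst = cg_name(parent, "cpuset_test_2");
	if (!child_dst)
		goto cleanup;
	child_dst_procs = cg_name(child_dst, "cgroup.procs");
	if (!child_dst_procs)
		goto cleanup;
	if (cg_create(child_dst))
		goto cleanup;

	if (cg_write(parent, "cgroup.subtree_control", "+cpuset"))
		goto cleanup;

	/* Both children must now list cpuset, otherwise the setup is broken. */
	if (cg_read_strstr(child_src, "cgroup.controllers", "cpuset") ||
	    cg_read_strstr(child_dst, "cgroup.controllers", "cpuset"))
		goto cleanup;

	/* Enable permissions along src->dst tree path */
	if (chown(child_src_procs, test_euid, -1) ||
	    chown(child_dst_procs, test_euid, -1))
		goto cleanup;

	/*
	 * The parent is the common ancestor of src and dst; its cgroup.procs
	 * is handed over only in the "allow" variant of the test.
	 */
	if (allow && chown(parent_procs, test_euid, -1))
		goto cleanup;

	/* Fork a privileged child as a test object */
	object_pid = cg_run_nowait(child_src, idle_process_fn, NULL);
	if (object_pid < 0)
		goto cleanup;

	/* Carry out migration in a child process that can drop all privileges
	 * (including capabilities), the main process must remain privileged for
	 * cleanup.
	 * Child process's cgroup is irrelevant but we place it into child_dst
	 * as a hacky way to pass information about migration target to the child.
	 *
	 * NOTE(review): in the deny variant any non-success result of cg_run()
	 * counts as the expected denial, so a helper that fails for another
	 * reason (e.g. its setuid() call) would also make the test pass.
	 */
	migrated = cg_run(child_dst, do_migration_fn,
			  (void *)(size_t)object_pid) == EXIT_SUCCESS;
	if (migrated != allow)
		goto cleanup;

	ret = KSFT_PASS;

cleanup:
	if (object_pid > 0) {
		(void)kill(object_pid, SIGTERM);
		(void)clone_reap(object_pid, WEXITED);
	}

	/*
	 * A failed cg_name() leaves its pointer NULL; skip cg_destroy() in
	 * that case instead of passing it a NULL path. free(NULL) is fine.
	 */
	if (child_dst)
		cg_destroy(child_dst);
	free(child_dst_procs);
	free(child_dst);

	if (child_src)
		cg_destroy(child_src);
	free(child_src_procs);
	free(child_src);

	if (parent)
		cg_destroy(parent);
	free(parent_procs);
	free(parent);

	return ret;
}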
15162306a36Sopenharmony_ci
/*
 * "Allow" variant: run test_cpuset_perms_object() with allow set, i.e. with
 * the parent's cgroup.procs also chowned to the test user.
 */
static int test_cpuset_perms_object_allow(const char *root)
{
	const bool allow = true;

	return test_cpuset_perms_object(root, allow);
}
15662306a36Sopenharmony_ci
/*
 * "Deny" variant: run test_cpuset_perms_object() with allow cleared, i.e. the
 * parent's cgroup.procs stays with its original owner.
 */
static int test_cpuset_perms_object_deny(const char *root)
{
	const bool allow = false;

	return test_cpuset_perms_object(root, allow);
}
16162306a36Sopenharmony_ci
/*
 * Migrate a process between parent and child implicitly.
 * Implicit migration happens when a controller is enabled/disabled.
 */
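static int test_cpuset_perms_subtree(const char *root)
{
	/*
	 * @root: path of the cgroup hierarchy root the test cgroups go under.
	 * Returns KSFT_PASS if the unprivileged helper could toggle the cpuset
	 * controller as expected, KSFT_FAIL otherwise (including any setup
	 * failure).
	 */
	char *parent = NULL, *child = NULL;
	char *parent_procs = NULL, *parent_subctl = NULL, *child_procs = NULL;
	const uid_t test_euid = TEST_UID;
	int object_pid = 0;
	int ret = KSFT_FAIL;

	parent = cg_name(root, "cpuset_test_0");
	if (!parent)
		goto cleanup;
	parent_procs = cg_name(parent, "cgroup.procs");
	if (!parent_procs)
		goto cleanup;
	parent_subctl = cg_name(parent, "cgroup.subtree_control");
	if (!parent_subctl)
		goto cleanup;
	if (cg_create(parent))
		goto cleanup;

	child = cg_name(parent, "cpuset_test_1");
	if (!child)
		goto cleanup;
	child_procs = cg_name(child, "cgroup.procs");
	if (!child_procs)
		goto cleanup;
	if (cg_create(child))
		goto cleanup;

	/* Enable permissions as in a delegated subtree */
	if (chown(parent_procs, test_euid, -1) ||
	    chown(parent_subctl, test_euid, -1) ||
	    chown(child_procs, test_euid, -1))
		goto cleanup;

	/* Put a privileged child in the subtree and modify controller state
	 * from an unprivileged process, the main process remains privileged
	 * for cleanup.
	 * The unprivileged child runs in subtree too to avoid parent and
	 * internal-node constraint violation.
	 */
	object_pid = cg_run_nowait(child, idle_process_fn, NULL);
	if (object_pid < 0)
		goto cleanup;

	if (cg_run(child, do_controller_fn, parent) != EXIT_SUCCESS)
		goto cleanup;

	ret = KSFT_PASS;

cleanup:
	if (object_pid > 0) {
		(void)kill(object_pid, SIGTERM);
		(void)clone_reap(object_pid, WEXITED);
	}

	/*
	 * A failed cg_name() leaves its pointer NULL; skip cg_destroy() in
	 * that case instead of passing it a NULL path. free(NULL) is fine.
	 */
	if (child)
		cg_destroy(child);
	free(child_procs);
	free(child);

	if (parent)
		cg_destroy(parent);
	free(parent_subctl);
	free(parent_procs);
	free(parent);

	return ret;
}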
23462306a36Sopenharmony_ci
23562306a36Sopenharmony_ci
/*
 * Test table consumed by main(). T() pairs each test function with its own
 * identifier as the printable name, so the two cannot drift apart.
 */
#define T(x) { .fn = x, .name = #x }
struct cpuset_test {
	int (*fn)(const char *root);	/* test body; returns a KSFT_* code */
	const char *name;		/* name reported in the results */
} tests[] = {
	T(test_cpuset_perms_object_allow),
	T(test_cpuset_perms_object_deny),
	T(test_cpuset_perms_subtree),
};
#undef T
24662306a36Sopenharmony_ci
/*
 * Locate the cgroup v2 root, make sure the cpuset controller is enabled in
 * its subtree_control, then run every entry of tests[] and report each result.
 *
 * Returns EXIT_SUCCESS unless at least one test reported something other
 * than KSFT_PASS or KSFT_SKIP.
 */
int main(int argc, char *argv[])
{
	const struct cpuset_test *const end = tests + ARRAY_SIZE(tests);
	const struct cpuset_test *t;
	char root[PATH_MAX];
	int ret = EXIT_SUCCESS;

	if (cg_find_unified_root(root, sizeof(root)))
		ksft_exit_skip("cgroup v2 isn't mounted\n");

	/*
	 * Only write "+cpuset" when the read check reports it is not already
	 * present in the root's subtree_control; skip if that write fails.
	 */
	if (cg_read_strstr(root, "cgroup.subtree_control", "cpuset") &&
	    cg_write(root, "cgroup.subtree_control", "+cpuset"))
		ksft_exit_skip("Failed to set cpuset controller\n");

	for (t = tests; t != end; t++) {
		const int outcome = t->fn(root);

		if (outcome == KSFT_PASS) {
			ksft_test_result_pass("%s\n", t->name);
		} else if (outcome == KSFT_SKIP) {
			ksft_test_result_skip("%s\n", t->name);
		} else {
			/* Anything else counts as a failure of the whole run. */
			ret = EXIT_FAILURE;
			ksft_test_result_fail("%s\n", t->name);
		}
	}

	return ret;
}